Aggregator

Судьбу сложного программного кода решила банальная лень владельца.

A vulnerability, which was classified as critical, has been found in pskill9 website-downloader up to 0.1.0. This affects the function download_website of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. This vulnerability was named CVE-2026-7642. The attack may be initiated remotely. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

The bill, known as the GUARD Act, also requires that AI companions advise users of all ages that they are not human and lack professional credentials. It also makes it a crime for AI companions to knowingly ask kids for sexual content or to produce it.

A vulnerability classified as problematic was found in Facebook WhatsApp on iOS/Android. The impacted element is an unknown function. Such manipulation leads to improper verification of source of a communication channel. This vulnerability is uniquely identified as CVE-2026-23866. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

OpenAI Codex CLI 系统提示词专门加入了一条对地精（Goblins）等词的限制：“never talk about goblins, gremlins, raccoons, trolls, ogres, pigeons, or other animals or creatures unless it is absolutely and unambiguously relevant to the user's query”。官方解释称，从 GPT-5.1 开始该公司的模型在比喻中提及 goblin 等词的频率大增，ChatGPT 中 goblin 的使用量增加了 175%，gremlin 使用量增加了 52%。它为此展开了调查，发现是因为 Nerdy 个性无意中奖励了此类比喻，导致高频使用 goblin 的行为扩散。为解决该问题，OpenAI 淘汰了 Nerdy 个性，移除了对 goblin 友好的奖励信号，从训练数据过滤掉相关示例，防止其再次不恰当的出现。

A vulnerability classified as critical has been found in Imagination Graphics DDK up to 1.18 RTM/23.2 RTM/24.2 RTM/25.3 RTM. The affected element is an unknown function. This manipulation causes use after free. This vulnerability is handled as CVE-2026-22166. It is possible to launch the attack on the local host. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Imagination Graphics DDK up to 1.18 RTM/23.2 RTM/24.2 RTM/25.3 RTM. Impacted is an unknown function. The manipulation results in use after free. This vulnerability is known as CVE-2026-22165. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Facebook WhatsApp Desktop 0.3.3793/0.3.4932/0.3.9309/2.2450.6 on Windows. This issue affects some unknown processing. The manipulation leads to improper neutralization of null byte or nul character. This vulnerability is traded as CVE-2026-23863. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

BleepingComputer initially published a story about a new data breach at Instructure. Shortly after publication, we determined that the information was incorrect and primarily based on outdated details from a prior incident. The article has been retracted, and we regret the error. [...]

A vulnerability labeled as critical has been found in Imagination Graphics DDK up to 1.18 RTM/23.2 RTM/24.2 RTM/25.3 RTM. This vulnerability affects unknown code of the component GPU Driver. Executing a manipulation can lead to memory corruption. This vulnerability appears as CVE-2026-22167. The attack requires local access. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Vanetza V2X up to 26.02. This affects the function Router::indicate of the file openssl_wrapper.cpp. Performing a manipulation results in denial of service. This vulnerability is reported as CVE-2026-37554. The attack is possible to be carried out remotely. No exploit exists.

Submit #806812 / VDB-360754

A vulnerability categorized as problematic has been discovered in Open CASCADE Technology OCCT 8.0.0.rc5. Affected by this issue is the function VrmlData_Scene of the component VRML Parser. Such manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2026-42480. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Open CASCADE Technology OCCT 8.0.0.rc5. It has been rated as problematic. Affected by this vulnerability is the function VrmlData_IndexedLineSet of the component VRML Parser. This manipulation of the argument coordIndex causes out-of-bounds read. This vulnerability is registered as CVE-2026-42479. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Open CASCADE Technology OCCT 8.0.0.rc5. It has been declared as problematic. Affected is the function Standard_ReadLineBuffer::ReadLine of the component OBJ File Parser. The manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2026-42477. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Open CASCADE Technology OCCT 8.0.0.rc5. It has been classified as problematic. This impacts the function Geom2d_BSplineCurve::EvalD0. The manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2026-42481. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Prosody up to 0.12.5/13.0.4 and classified as problematic. This affects an unknown function. Executing a manipulation can lead to memory leak. This vulnerability is tracked as CVE-2026-43506. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Prosody up to 0.12.5/13.0.4 and classified as critical. The impacted element is an unknown function of the component mod_proxy65. Performing a manipulation results in unprotected alternate channel. This vulnerability is identified as CVE-2026-43505. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Prosody up to 0.12.5/13.0.4. The affected element is an unknown function of the component mod_proxy65. Such manipulation leads to incorrect authorization. This vulnerability is referenced as CVE-2026-43504. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Open CASCADE Technology OCCT 8.0.0.rc5. Impacted is the function VrmlData_IndexedFaceSet of the file libTKDEVRML.so of the component VRML File Handler. This manipulation causes denial of service. The identification of this vulnerability is CVE-2026-42478. It is possible to initiate the attack remotely. There is no exploit available.